Operating System N - first portion

Start Machine or Restart
Boot PROM program loads data from boot disk and verifies it by hash function value matching.

Boot disk software contains the public keys of one or more operating systems. User selects an operating system or one is selected by default.

First software module of the selected operating system is loaded. It contains a stub in which the hash function value of that module is digitally signed by the operating system vendor.

Boot disk software verifies the digital signature in the stub with the vendor's public key, computes the hash function value of the software module and compares it with the hash function value carried in the stub.
Embedding software module is executing; Watchdog code is reached.

Perform Watchdog check?

Read contents of specified memory locations. Compute values of hash function on the contents of said specified locations. Compare with corresponding hash function values listed in Watchdog.
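The following Python is an added example of the two checks above (boot-disk verification of the first module's signed stub, then the Watchdog hash check); it is not code from the patent. SHA-256 as the hash function, a toy textbook RSA key pair standing in for the vendor's signature, and byte strings standing in for the boot disk, the module image and RAM are all assumptions made for illustration.

```python
import hashlib

# Assumption: toy textbook RSA over two Mersenne primes stands in for the vendor's
# signature scheme. Illustration only: the modulus is ~92 bits and the digest is
# reduced mod N before signing, so this is NOT a secure signature.
_P, _Q = (1 << 31) - 1, (1 << 61) - 1
VENDOR_N, VENDOR_E = _P * _Q, 65537
_VENDOR_D = pow(VENDOR_E, -1, (_P - 1) * (_Q - 1))   # vendor's private exponent


def HASH(data: bytes) -> bytes:
    """The hash function of the scheme; SHA-256 assumed."""
    return hashlib.sha256(data).digest()


def vendor_sign(digest: bytes) -> int:
    return pow(int.from_bytes(digest, "big") % VENDOR_N, _VENDOR_D, VENDOR_N)


def signature_ok(digest: bytes, sig: int, pubkey: tuple) -> bool:
    e, n = pubkey
    return pow(sig, e, n) == int.from_bytes(digest, "big") % n


# Boot disk software carries the public keys of the operating systems it may start.
BOOT_DISK_PUBKEYS = {"OS-N": (VENDOR_E, VENDOR_N)}


def make_stub(module: bytes) -> dict:
    """Vendor side: the stub carries HASH(module) and the vendor's signature on it."""
    h = HASH(module)
    return {"hash": h, "sig": vendor_sign(h)}


def verify_first_module(os_name: str, module: bytes, stub: dict) -> bool:
    """Boot disk side: check the signature on the stub with the selected OS vendor's
    public key, then recompute the module hash and compare with the stub's value."""
    pubkey = BOOT_DISK_PUBKEYS.get(os_name)
    if pubkey is None or not signature_ok(stub["hash"], stub["sig"], pubkey):
        return False
    return HASH(module) == stub["hash"]


def build_watchdog(memory: bytes, regions: list) -> list:
    """Watchdog entries: (offset, length, expected HASH) for the specified locations."""
    return [(off, ln, HASH(memory[off:off + ln])) for off, ln in regions]


def watchdog_check(memory: bytes, watchdog: list) -> bool:
    """Read each listed location, hash it, compare with the value stored in the Watchdog."""
    return all(HASH(memory[off:off + ln]) == expect for off, ln, expect in watchdog)


# Constructed sample data: a module image and a RAM image with the module mapped at 64.
MODULE = b"OS-N first software module: loader + embedded Watchdog code"
STUB = make_stub(MODULE)
MEMORY = bytes(64) + MODULE + bytes(64)
WATCHDOG = build_watchdog(MEMORY, [(64, 16), (80, len(MODULE) - 16)])


def demo() -> dict:
    results = {"clean_boot": verify_first_module("OS-N", MODULE, STUB)}
    patched = MODULE[:-1] + b"!"
    # One byte patched, vendor's stub left untouched: hash comparison fails.
    results["patched_module"] = verify_first_module("OS-N", patched, STUB)
    # Attacker also rewrites the hash in the stub but cannot re-sign it: signature fails.
    forged_stub = {"hash": HASH(patched), "sig": STUB["sig"]}
    results["patched_with_forged_stub"] = verify_first_module("OS-N", patched, forged_stub)
    # An OS whose vendor key is not on the boot disk cannot be verified at all.
    results["unknown_vendor"] = verify_first_module("EvilOS", MODULE, STUB)
    results["watchdog_clean"] = watchdog_check(MEMORY, WATCHDOG)
    tampered = bytearray(MEMORY)
    tampered[70] ^= 0xFF                      # in-memory patch inside a watched region
    results["watchdog_tampered"] = watchdog_check(bytes(tampered), WATCHDOG)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:26s} {'PASS' if ok else 'REJECT'}")
```

Two caveats a practitioner should keep in mind: the stub check binds a module to its vendor but not to a version, so an older module with a still valid stub also passes (rollback is outside what this step verifies), and the Watchdog only protects the memory ranges actually listed in it.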
Establish a secure connection between Purchaser and Vendor. Purchaser pays for goods.

Purchaser creates a Software-Identifying Structure S: S = (NAME_SW, ID, HASH(SW), USAGE_POLICY, NONCE).

Purchaser sends HASH(S), the name of the software NAME_SW, the hash of the contents of the software HASH(SW) and USAGE_POLICY to Vendor as purchase order.
Vendor verifies that Vendor has agreed to sell a copy of NAME_SW with the proposed USAGE_POLICY having HASH(SW) to Purchaser.

Vendor sends SGN_Vendor(HASH(S), NAME_SW, HASH(SW), USAGE_POLICY) to Purchaser.
User Device's Supervising Program verifies the Vendor's digital signature on the purchase order. If verification succeeds, the Supervising Program places S and the digitally signed message together, forming the tag, into the Tag Table having Tag Table Identifier Value ID. Otherwise, the Supervising Program aborts the protocol.
User Device's Supervising Program removes tag TAG_SW from the Tag Table having identifier value ID.

The User Device calls up the Vendor over an anonymous channel and sends Tag TAG_SW.

Vendor verifies that the Tag TAG_SW properly represents data created during a software purchase transaction and verifies said Vendor's digital signature on TAG_SW.

If verification fails: Abort protocol.

Vendor sends a certificate of credit to the user device.

Vendor sends TAG_SW and ID to Guardian Center.

Guardian Center places TAG_SW in a linked list associated with the Tag Table Identifier value ID.
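As an added example (not the patent's own code) of the purchase protocol and of the later return of a tag for credit, the Python below plays both the Purchaser's Supervising Program and the Vendor, with the Guardian Center's per-ID list reduced to a dict. SHA-256 over a canonical JSON encoding as HASH, a toy textbook RSA key as SGN_Vendor, the catalogue of agreed sales, and the names NAME_SW, ID and USAGE_POLICY values are assumptions for illustration; the patent fixes none of them.

```python
import hashlib
import json
import os

# Assumption: toy textbook RSA stands in for SGN_Vendor (illustration only: ~92-bit
# modulus, digest reduced mod N). HASH is SHA-256 over a canonical JSON encoding,
# with byte strings passed as hex; the patent fixes neither choice.
_P, _Q = (1 << 31) - 1, (1 << 61) - 1
VENDOR_N, VENDOR_E = _P * _Q, 65537
_VENDOR_D = pow(VENDOR_E, -1, (_P - 1) * (_Q - 1))


def HASH(obj) -> str:
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def sgn_vendor(obj) -> int:
    return pow(int(HASH(obj), 16) % VENDOR_N, _VENDOR_D, VENDOR_N)


def vendor_sig_ok(obj, sig: int) -> bool:
    return pow(sig, VENDOR_E, VENDOR_N) == int(HASH(obj), 16) % VENDOR_N


SW = b"...contents of the purchased program (constructed)..."
# Vendor side: the (NAME_SW, HASH(SW), USAGE_POLICY) combinations the vendor agreed to sell.
CATALOGUE = {("WordProc 2.0", HASH(SW.hex()), "single-seat")}


def vendor_handle_order(order: dict):
    """Vendor checks the agreement, then signs (HASH(S), NAME_SW, HASH(SW), USAGE_POLICY).
    It never sees ID or NONCE, yet HASH(S) commits its signature to them."""
    if (order["NAME_SW"], order["HASH_SW"], order["USAGE_POLICY"]) not in CATALOGUE:
        return None
    msg = [order["HASH_S"], order["NAME_SW"], order["HASH_SW"], order["USAGE_POLICY"]]
    return {"msg": msg, "sig": sgn_vendor(msg)}


class SupervisingProgram:
    def __init__(self, tag_table_id: str):
        self.ID = tag_table_id
        self.tag_table = {"ID": tag_table_id, "tags": []}

    def make_order(self, name_sw: str, sw: bytes, usage_policy: str):
        """Purchaser builds S and sends HASH(S) plus the public fields as the purchase order."""
        s = {"NAME_SW": name_sw, "ID": self.ID, "HASH_SW": HASH(sw.hex()),
             "USAGE_POLICY": usage_policy, "NONCE": os.urandom(16).hex()}
        order = {"HASH_S": HASH(s), "NAME_SW": name_sw, "HASH_SW": s["HASH_SW"],
                 "USAGE_POLICY": usage_policy}
        return s, order

    def install_tag(self, s: dict, order: dict, reply) -> bool:
        """Verify the vendor's signature on exactly the order that was sent; on success
        S and the signed message together form the tag and enter the Tag Table."""
        expected = [order["HASH_S"], order["NAME_SW"], order["HASH_SW"], order["USAGE_POLICY"]]
        if reply is None or reply["msg"] != expected or not vendor_sig_ok(reply["msg"], reply["sig"]):
            return False                                   # abort the protocol
        self.tag_table["tags"].append({"S": s, "signed": reply})
        return True


def tag_ok(tag: dict, tag_table_id: str) -> bool:
    """Check on a stored tag (by the device, or by the Vendor when it is returned): the
    signature verifies, the signed HASH(S) matches the stored S, and S names this ID."""
    s, reply = tag["S"], tag["signed"]
    return (vendor_sig_ok(reply["msg"], reply["sig"])
            and reply["msg"][0] == HASH(s) and s["ID"] == tag_table_id)


def vendor_accept_return(tag: dict, claimed_id: str, guardian_center: dict) -> bool:
    """Return for credit: Vendor re-verifies TAG_SW, then reports TAG_SW and ID to the
    Guardian Center, which keeps it in the list associated with that ID."""
    if not tag_ok(tag, claimed_id):
        return False
    guardian_center.setdefault(claimed_id, []).append(tag["signed"]["msg"][0])
    return True


def demo() -> dict:
    sp = SupervisingProgram("ID-4711")
    s, order = sp.make_order("WordProc 2.0", SW, "single-seat")
    r = {"purchase": sp.install_tag(s, order, vendor_handle_order(order))}
    s2, order2 = sp.make_order("WordProc 2.0", SW, "site-licence")   # not on offer
    r["refused_policy"] = sp.install_tag(s2, order2, vendor_handle_order(order2))
    tag = sp.tag_table["tags"][0]
    r["tag_on_own_table"] = tag_ok(tag, "ID-4711")
    r["tag_copied_to_other_table"] = tag_ok(tag, "ID-9999")          # S binds the ID
    edited = {"S": dict(tag["S"], USAGE_POLICY="site-licence"), "signed": tag["signed"]}
    r["tag_with_edited_S"] = tag_ok(edited, "ID-4711")               # HASH(S) no longer matches
    gc = {}
    sp.tag_table["tags"].remove(tag)                                  # device gives the tag up
    r["returned_for_credit"] = vendor_accept_return(tag, "ID-4711", gc)
    r["decommissioned_listed"] = gc["ID-4711"] == [tag["signed"]["msg"][0]]
    return r
```

The security point the example makes concrete: the Vendor signs only HASH(S) and the public fields, so it learns neither the device's Tag Table ID nor the NONCE, yet the signature is bound to both. A tag copied to another Tag Table fails because S names the original ID, a tag whose S is edited fails because HASH(S) no longer matches the signed value, and the NONCE makes two purchases of the same program yield distinct tags.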
Supervising Program sends HASH(TT), HASH(TT_PREV) and Tag Table Identifier Value ID to Guardian Center.

HASH(TT_PREV) = HASH(TT) of the previous Call-Up?

If yes: Guardian Center replaces its copy of HASH(TT) for ID by the sent HASH(TT).

If no: Guardian Center sends continuation message indicating that ID is bad. After verification, Supervising Program declares Tag Table to be invalid.



Guardian Center sends signed continuation message with the assertion that the Call-Up is good.

Supervising Program verifies that HASH(TT) and HASH(TT_PREV) received from the Guardian Center are the ones the SP sent, and that the ID is equal. The Supervising Program performs a User Device Descriptive Value check.




Check the following conditions (the UDDV check fails if either holds):

1) User Device Descriptive Values that are not expected to change in the time elapsed between two successive Call-Ups have changed.

2) User Device Descriptive Values that may change undergo the following changes: three previously sent Tag Tables have the property that the Header of the earliest sent Tag Table contains changeable UDDVs whose configuration of values is C, a subsequently sent Tag Table where the corresponding stored UDDVs have a markedly different configuration of values C_1, and a still later sent Tag Table where the corresponding stored UDDVs again have the configuration of values C.
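One way to implement the two UDDV conditions, as an added example rather than the patent's own code: each Tag Table header is modelled as a dict of UDDV name to value, the split into fixed and changeable names, the threshold for "markedly different", and the sample headers are all constructed assumptions.

```python
# Assumption: a Tag Table header is a dict of UDDV name -> value. Which names are
# fixed and which may change, and what "markedly different" means, are not fixed by
# the text; the constants below are illustrative choices.
FIXED = ("cpu_serial", "disk_serial", "boot_rom_hash")        # not expected to change
MUTABLE = ("ram_mb", "screen_res", "timezone", "font_count")  # may change legitimately
MARKED = 2   # at least this many mutable values differ => "markedly different"


def mutable_config(header: dict) -> tuple:
    return tuple(header.get(k) for k in MUTABLE)


def markedly_different(c: tuple, c1: tuple) -> bool:
    return sum(a != b for a, b in zip(c, c1)) >= MARKED


def uddv_check(headers: list) -> tuple:
    """headers: the stored Tag Table headers in the order they were sent, oldest first.
    Returns (ok, reason). Fails on condition 1 (a fixed value changed between two
    successive Call-Ups) or condition 2 (configuration C, then a markedly different
    C_1, then C again), the pattern of one Tag Table bouncing between two machines."""
    for prev, cur in zip(headers, headers[1:]):
        for k in FIXED:
            if prev.get(k) != cur.get(k):
                return False, f"fixed UDDV {k!r} changed between successive Call-Ups"
    cfg = [mutable_config(h) for h in headers]
    for i in range(len(cfg)):
        for j in range(i + 1, len(cfg)):
            if not markedly_different(cfg[i], cfg[j]):
                continue
            for k in range(j + 1, len(cfg)):
                if cfg[k] == cfg[i]:
                    return False, f"mutable UDDVs went C -> C_1 -> C at headers {i}, {j}, {k}"
    return True, "ok"


# Constructed sample headers.
MACHINE_A = {"cpu_serial": "A-001", "disk_serial": "D-A", "boot_rom_hash": "rom-a",
             "ram_mb": 8192, "screen_res": "1920x1080", "timezone": "CET", "font_count": 120}
# A second machine whose fixed values were forged to match A, so only condition 2 can catch it.
MACHINE_B = {"cpu_serial": "A-001", "disk_serial": "D-A", "boot_rom_hash": "rom-a",
             "ram_mb": 32768, "screen_res": "3840x2160", "timezone": "PST", "font_count": 400}
UPGRADED_A = dict(MACHINE_A, ram_mb=16384)     # a single legitimate change that persists


def demo() -> dict:
    return {
        "honest_drift": uddv_check([MACHINE_A, UPGRADED_A, UPGRADED_A, UPGRADED_A])[0],
        "flip_flop": uddv_check([MACHINE_A, MACHINE_B, MACHINE_A])[0],
        "fixed_changed": uddv_check([MACHINE_A, dict(MACHINE_A, disk_serial="D-X")])[0],
        "one_big_change": uddv_check([MACHINE_A, MACHINE_B, MACHINE_B])[0],
    }
```

Note what condition 2 does and does not catch: a Tag Table that alternates between two machines (C, C_1, C) fails, while a Tag Table that moves to a different machine once and stays there (C, C_1, C_1) passes this condition; only the fixed-value check of condition 1 can flag the latter, and only if the fixed values were not forged.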




The UDDV check fails.

The UDDV check succeeds.

Supervising Program initiates Call-Up through anonymous channel using SSL.

Supervising Program sends HASH(TT), HASH(TT_PREV), Tag Table Identifier Value ID, Current Time.



1603: Call-Up message already received at Guardian Center?

If yes, 1604: Resend previously sent Continuation Message.

1605: Guardian Center verifies: 1) received time agrees with time on Guardian Center's clock and the inter-Call-Up interval is neither too short nor too long; 2) HASH(TT_PREV) equals the value of HASH(TT) from the previous Call-Up.

If both hold: Guardian Center replaces its copy of HASH(TT) by the sent HASH(TT).

Otherwise: Guardian Center sends continuation message indicating that ID is bad.

Guardian Center sends a continuation message consisting of a signed portion, including ID, H_1, H_2, HASH(AllSuperfingerprints), the Current Time in the Guardian Center and the decommissioned tags for this ID, if any, and an unsigned portion consisting of NewSuperfingerprints.
Upon receiving the Continuation Message, Supervising Program verifies that HASH(TT) (= H_1) and HASH(TT_PREV) (= H_2) received from the Guardian Center are the ones the SP sent, and that the Tag Table Identifier Value ID is equal to the Tag Table Identifier Value associated with this Supervising Program. The Supervising Program further verifies that the hash function values of previous Tag Tables correspond to previously held Tag Tables in the User Device. The Supervising Program also performs a User Device Descriptive Value check. The Supervising Program also verifies that the consumption recorded in the Tag Table sequence is non-decreasing in time. SP also verifies that decommissioned tags sent from the Guardian Center are absent from the Tag Table. The Supervising Program also verifies that the NewSuperfingerprints sent and the ones already present on the User Device are consistent with HASH(AllSuperfingerprints).
Supervising Program initiates Call-Up through anonymous channel using SSL.

Supervising Program sends time CurT, Nonce N, and Tag Table Identifier Value ID to Guardian Center.
Call-Up not too

Guardian Center associates CurT with Tag Table Identifier Value ID. Guardian Center creates a continuation message by forming a digitally signed message SGN_GC(ID, CurT, N, HASH(AllSuperfingerprints)) and associating that with NewSuperfingerprints.
Supervising Program verifies the digital signature of the Guardian Center received in the Continuation Message. The Supervising Program further verifies that the Tag Table Identifier Value ID, the NONCE value N, and CurT received from the Guardian Center are equal to the corresponding values prepared by the Supervising Program for its Call-Up. The Supervising Program may optionally check that CurT is close to the time as recorded in the Supervising Program. Finally, the Supervising Program computes the hash function value of all its already received Superfingerprints, including the currently received NewSuperfingerprints, and verifies that the corresponding field in the Continuation Message equals the computed hash function value.
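The exchange described in the two Call-Up variants above (the hash-chained HASH(TT)/HASH(TT_PREV) Call-Up with its time and interval checks, and the nonce-based Call-Up with the signed continuation message) as one added example that is not the patent's own code: both sides, Supervising Program and Guardian Center, run in the same process. SHA-256 over canonical JSON as HASH, a toy textbook RSA key as SGN_GC, integer seconds for time, the interval and clock-skew limits, the way NewSuperfingerprints are selected (the Guardian Center remembers how many it already sent to each ID) and the sample Tag Tables are all assumptions for illustration.

```python
import hashlib
import json
import os

# Assumption: toy textbook RSA stands in for SGN_GC (illustration only: ~92-bit
# modulus, digest reduced mod N). HASH is SHA-256 over canonical JSON; times are
# integer seconds; the interval and skew limits are made-up policy values.
_P, _Q = (1 << 31) - 1, (1 << 61) - 1
GC_N, GC_E = _P * _Q, 65537
_GC_D = pow(GC_E, -1, (_P - 1) * (_Q - 1))
MIN_INTERVAL, MAX_INTERVAL, MAX_SKEW = 3600, 30 * 86400, 300


def HASH(obj) -> str:
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def sgn_gc(obj) -> int:
    return pow(int(HASH(obj), 16) % GC_N, _GC_D, GC_N)


def gc_sig_ok(obj, sig: int) -> bool:
    return pow(sig, GC_E, GC_N) == int(HASH(obj), 16) % GC_N


class GuardianCenter:
    def __init__(self):
        self.last = {}            # ID -> (HASH(TT) from the previous Call-Up, its time)
        self.sent = {}            # ID -> number of Superfingerprints already sent
        self.decommissioned = {}  # ID -> tags the vendors reported as returned for credit
        self.sfp = ["sfp-1", "sfp-2", "sfp-3"]   # AllSuperfingerprints (constructed)

    def call_up(self, msg: dict, now: int) -> dict:
        ID, status = msg["ID"], "good"
        if abs(msg["CurT"] - now) > MAX_SKEW:
            status = "bad"
        elif ID in self.last:
            h_prev, t_prev = self.last[ID]
            if not MIN_INTERVAL <= now - t_prev <= MAX_INTERVAL or msg["H_TT_PREV"] != h_prev:
                status = "bad"    # interval too short/long, or the hash chain is broken
        new_sfp = []
        if status == "good":
            self.last[ID] = (msg["H_TT"], now)
            new_sfp, self.sent[ID] = self.sfp[self.sent.get(ID, 0):], len(self.sfp)
        signed = {"ID": ID, "status": status, "H_1": msg["H_TT"], "H_2": msg["H_TT_PREV"],
                  "N": msg["N"], "CurT": now, "H_ALL_SFP": HASH(self.sfp),
                  "decommissioned": self.decommissioned.get(ID, [])}
        return {"signed": signed, "sig": sgn_gc(signed), "new_sfp": new_sfp}  # new_sfp unsigned


class SupervisingProgram:
    def __init__(self, ID: str, tag_table: dict):
        self.ID, self.tt = ID, tag_table
        self.h_prev, self.sfp, self.pending = None, [], None  # h_prev: HASH(TT) of last good Call-Up

    def call_up_message(self, now: int) -> dict:
        self.pending = {"ID": self.ID, "H_TT": HASH(self.tt), "H_TT_PREV": self.h_prev,
                        "CurT": now, "N": os.urandom(16).hex()}
        return self.pending

    def accept(self, cont: dict, now: int) -> bool:
        """Verify the continuation message; False means the Tag Table is declared invalid."""
        sg, sent = cont["signed"], self.pending
        if not gc_sig_ok(sg, cont["sig"]) or sg["status"] != "good":
            return False
        if (sg["ID"], sg["N"], sg["H_1"], sg["H_2"]) != (self.ID, sent["N"], sent["H_TT"], sent["H_TT_PREV"]):
            return False          # another device's message, a replay, or an altered echo
        if abs(sg["CurT"] - now) > MAX_SKEW:
            return False
        if any(t in self.tt["tags"] for t in sg["decommissioned"]):
            return False          # still holding a tag that was already returned for credit
        all_sfp = self.sfp + cont["new_sfp"]
        if HASH(all_sfp) != sg["H_ALL_SFP"]:
            return False          # unsigned NewSuperfingerprints do not match the signed hash
        self.sfp, self.h_prev = all_sfp, sent["H_TT"]
        return True


def demo() -> dict:
    gc, t = GuardianCenter(), 1_000_000
    a = SupervisingProgram("ID-42", {"ID": "ID-42", "tags": ["tag-1"]})
    r = {"first": a.accept(gc.call_up(a.call_up_message(t), t), t)}
    a.tt["tags"].append("tag-2")                  # a purchase between Call-Ups
    t += 86400
    old_cont = gc.call_up(a.call_up_message(t), t)
    r["second"] = a.accept(old_cont, t)
    b = SupervisingProgram("ID-42", json.loads(json.dumps(a.tt)))   # pirated clone of the device
    b.h_prev, b.sfp = a.h_prev, list(a.sfp)
    b.tt["tags"].append("tag-3")
    t += 86400
    r["clone"] = b.accept(gc.call_up(b.call_up_message(t), t), t)
    r["too_soon"] = b.accept(gc.call_up(b.call_up_message(t + 60), t + 60), t + 60)
    a.tt["tags"].append("tag-4")
    t += 86400
    r["original_after_clone"] = a.accept(gc.call_up(a.call_up_message(t), t), t)
    a.call_up_message(t)                          # fresh nonce, then an old message is replayed
    r["replayed_continuation"] = a.accept(old_cont, t)
    gc.decommissioned["ID-42"] = ["tag-3"]        # a vendor credited the return of tag-3
    t += 86400
    r["holds_decommissioned_tag"] = b.accept(gc.call_up(b.call_up_message(t), t), t)
    return r
```

The run shows the property the hash chain buys and its limit: the clone's first Call-Up succeeds, because it carries the same HASH(TT_PREV) the Guardian Center remembers, and from then on only one of the two copies can keep a valid chain, so the original is declared invalid at its next Call-Up. Cloning is therefore detected at the next Call-Up of whichever copy lags, not at the moment of copying. The nonce check rejects a replayed continuation message, the unsigned NewSuperfingerprints are tied to the signed HASH(AllSuperfingerprints), and a device still holding a tag that was returned for credit fails its own check even though the Guardian Center reported the Call-Up as good.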